Latest Episodes

Episode 16: Merging Cloud Based Startup Into Financial Giants
Attendees
- Guest: Ori Troyna
- Guest title: Global head of product security at PayU
- Company: PayU

Abstract: PayU, a global fintech giant, acquired Zooz, a small payment startup. In this episode we talk with Ori Troyna, Global head of product security at PayU, about the challenges of such a merger between two very different companies with different engineering methodologies, and how they cope with those challenges.

Timing:
- 1.14 Ori introduces himself
- 11.40 Challenges of merging small companies into financial giants. Integrating different technology stacks into one.
- 18.33 How to build the organizational structure to consolidate the different companies and technology stacks
- 21.30 Understanding the acquisition considerations of PayU and their effect on security considerations
- 27.0 Solving the consolidation challenges - the people angle. Moving to tribes and clans and providing security goals
- 34.30 The difference between product security and IT security
- 36.0 Solving the consolidation challenges - the process angle. How to integrate different tribes and clans to create one joint development backlog and mature DevOps
- 46.40 Solving the consolidation challenges - the technology angle. Building global infrastructure that supports multiple projects
- 53.22 Summary and last words ...

Episode 15: Challenges Of Selecting SaaS Providers
Attendees
- Guest: Tal Arad
- Guest title: Former CISO
- Company: CEVA Logistics

Abstract: Consuming SaaS from various vendors can be a challenging task. The first challenge is to distinguish the mature providers that you can trust your data with, and the second challenge is auditing them and their services. In this episode we talk with Tal Arad, former CISO of CEVA Logistics, about the challenges of selecting SaaS providers and how to audit them wisely.

Timing:
- 0:35 Introducing our guest
- 02:30 Introducing CEVA Logistics and the CISO challenges
- 5:55 How to get started as a new CISO
- 9:20 Challenges with SaaS providers - distinguishing between mature and immature providers
- 16:15 Tips for selecting SaaS providers
- 22:30 What happens when something happens and choosing providers carefully
- 24:50 Tips for managing ongoing relationships with SaaS providers
- 34:27 Summary and final words ...

Episode 14: DevOps Secret Management
Attendees
- Guest: Oded Hareven
- Guest title: Founder & CEO
- Company: A-Key-Less

Abstract: Application secret management is becoming one of the biggest challenges for application security. With cloud, CI/CD and microservices architecture, we discover that we are using a growing number of encryption keys, API keys, SSH keys, tokens and connection strings. In this episode we talk with Oded HarEven, Founder at A-Key-Less, about the challenges of secret management and the way to build a secure secret management solution.

Timing:
- 0:00 Intro and introducing our guest
- 1:40 Application secret management - defining what a secret is, and what secret management is
- 6.00 Challenges with encryption keys
- 9:47 How to handle application secret management and encryption keys - requirements and best practices
- 12.25 Zero trust in key management - what does it mean and how to implement it
- 20:10 The process of integrating keys with cloud platforms
- 25:35 A-Key-Less state of the market approach
- 27.35 Summary and conclusions ...

Episode 13: Creating Trust & Awareness
Attendees
- Guest: Vladi Sandler
- Guest title: Cloud Security team leader
- Company: cymotive.com

Abstract: Gaining trust and developing awareness with customers is one of the hardest challenges for providers. It is almost an art. In this episode we talk with Vladi Sandler from Cymotive about creating healthy relationships with customers and how a mixture of personal awareness and technical proficiency is crucial in customer-provider relationships.

Timing:
- 0:25 Introducing our guest
- 03:30 Introducing Cymotive
- 5:55 Cymotive challenges with their market targets
- 10:10 Relevant security teams for protecting automotive
- 11:50 The concepts of car security
- 13:55 Challenges when creating trust - the people angle
- 17:48 Challenges when creating trust - the process angle
- 22:00 Challenges when creating trust - the technology angle
- 27:50 Summary and final words ...

Episode 12: Diving Into Authorization And Policy Based Access Controls
Attendees
- Guest: Tsachi Lutaty
- Guest title: R&D manager
- Company: PlainID

Abstract: In the past years we have made important progress in authentication. Multi-factor authentication and identity federation solved many of the identity authentication challenges. So it is now time to focus on the second aspect of Identity & Access Management: identity authorization. In this podcast we talk with Tsachi Lutaty, R&D manager for PlainID, about the move from role based access controls to policy based access controls and how organizations can better engineer their authorization schemes and policies.

Timing:
- 0:41 Introducing our guest
- 1:25 Introducing PlainID
- 2:45 Authorization challenges - what are modern authorization challenges
- 8:00 Role based access control vs. attribute / policy based access control
- 15:30 Existing authorization standards
- 18:58 How can we better engineer authorization systems - the technology angle
- 26:15 How can we better engineer authorization systems - the process angle
- 29:30 How can we better engineer authorization systems - the people angle
- 32:50 Summary and final words ...

Episode 11: IoT Security Basics
Attendees
- Guest: Eliav Gnessin
- Guest title: CTO
- Company: DeviceTone

Abstract: IoT is one of the hottest topics in the industry today. In this episode we talk with Eliav Gnessin, CTO for DeviceTone, about securely engineering an IoT solution end to end. During the episode Eliav guides us through the IoT journey, starting from the chipset of the device itself and going all the way up to the cloud based IoT management. Eliav explains different implementation considerations, the latest developments in the market and the efforts made by chipmakers and cloud providers to create more secure IoT.

Timing:
- 0:00 Intro and introducing Eliav and DeviceTone
- 2:05 Why is it so hard to build secure IoT solutions?
- 9.00 How to properly build IoT solutions: the technology angle
- 18:50 How to properly build IoT solutions: the people angle
- 22.40 How to properly build IoT solutions: the process angle
- 28:10 Doing over-the-air updates
- 31:40 The different approaches to IoT coming from the cloud providers
- 38.20 Tips for IoT developers ...